一、安装环境
- 系统
[root@master1 ~]# cat /etc/redhat-release
CentOS Linux release 7.9.2009 (Core)
[root@master1 ~]# uname -a
Linux master1 3.10.0-1160.el7.x86_64 #1 SMP Mon Oct 19 16:18:59 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
- 配置
角色 | IP | 配置 |
master1 | 172.16.0.11 | 4核4G内存 |
node1 | 172.16.0.12 | 4核4G内存 |
node2 | 172.16.0.13 | 4核4G内存 |
二、基础配置(所有服务器都要配置)
- 更改服务器名称
hostnamectl set-hostname master1 #在master1上操作
hostnamectl set-hostname node1 #在node1上操作
hostnamectl set-hostname node2 #在node2上操作
- 添加域名绑定(所有服务器都要操作)
cat >> /etc/hosts << EOF
172.16.0.11 master1
172.16.0.12 node1
172.16.0.13 node2
EOF
- 关闭防火墙
systemctl stop firewalld && systemctl disable firewalld
- 关闭selinux
setenforce 0 && sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
- 关闭swap分区
swapoff -a && sed -ri 's/.*swap.*/#&/' /etc/fstab
6.将桥接的IPv4流量传递到iptables的链
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system #让配置生效
- 配置时间同步
yum install -y ntpdate && ntpdate time.windows.com
三、安装docker(所有服务器都要配置)
- 卸载旧版本的docker
yum remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-engine
- 安装docker
yum install -y wget
wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
yum -y install docker-ce-18.06.1.ce-3.el7
- 启动docker及配置为开机启动
systemctl enable docker && systemctl start docker
- 查看docker版本
docker --version
- 配置阿里云镜像加速
mkdir -p /etc/docker
tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://sx15mtuf.mirror.aliyuncs.com"]
}
EOF
systemctl daemon-reload
systemctl restart docker
四、添加阿里云yum源(所有服务器都要配置)
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
五、安装kubeadm、kubelet、kubectl(所有服务器都要配置)
- 安装三大件
yum install -y kubelet-1.18.0 kubeadm-1.18.0 kubectl-1.18.0
- 设置开机启动
systemctl enable kubelet
六、初始化master1节点(仅master1节点操作)
- 初始化master1节点
kubeadm init \
--apiserver-advertise-address=172.16.0.11 \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version v1.18.0 \
--service-cidr=10.96.0.0/12 \
--pod-network-cidr=10.244.0.0/16
- 配置kubectl工具
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown ( i d − u ) : (id -u):(id−u):(id -g) $HOME/.kube/config
七、部署CNI插件(仅master1节点操作)
wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
kubectl apply -f kube-flannel.yml
kubectl get pods -n kube-system #查看flannel状态
kubectl get nodes #flannel就绪后,我们可以看到master1也已经就绪
八、添加node节点(所有node节点上操作)
- 将master1节点的flannel配置拷贝到node节点
scp -r /etc/cni [email protected]:/etc/cni #这个是在master1上操作的
systemctl restart kubelet
- 将node节点加入到集群
kubeadm join 172.16.0.11:6443 --token x1spbh.gfwauz5pp9x8jk5j --discovery-token-ca-cert-hash sha256:601a110b6cb91577322b3dc2253140a5f2c2eed6873495c213ff9795dcdfb2a6
- 查看节点状态
kubectl get nodes
九、测试
kubectl create deployment nginx --image=nginx
kubectl expose deployment nginx --port=80 --type=NodePort
kubectl get pod,svc
十、安装dashboard
- 下载yml文件
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-rc7/aio/deploy/recommended.yaml
- 将recommended.yaml如下两处新增
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
spec:
type: NodePort #新增
ports:
- port: 443
targetPort: 8443
nodePort: 30001 #新增
selector:
k8s-app: kubernetes-dashboard
- 执行并生效
kubectl create -f recommended.yaml
- 创建serceaccount和clusterrolebinding资源YAML文件
vim adminuser.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kubernetes-dashboard
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kubernetes-dashboard
- 创建admin-user并且赋予admin-user集权管理员权限
kubectl create -f adminuser.yaml
6.在浏览器中输入 https://172.16.0.11:30001/
- 查看token
[root@master1 ~]# kubectl get secret -n kubernetes-dashboard
NAME TYPE DATA AGE
default-token-nzrk4 kubernetes.io/service-account-token 3 89m
kubernetes-dashboard-certs Opaque 0 89m
kubernetes-dashboard-csrf Opaque 1 89m
kubernetes-dashboard-key-holder Opaque 2 89m
kubernetes-dashboard-token-bs9qp kubernetes.io/service-account-token 3 89m #找到此项
[root@master1 ~]# kubectl describe secret kubernetes-dashboard-token-bs9qp -n kubernetes-dashboard
Name: kubernetes-dashboard-token-bs9qp
Namespace: kubernetes-dashboard
Labels: <none>
Annotations: kubernetes.io/service-account.name: kubernetes-dashboard
kubernetes.io/service-account.uid: e03da0c2-3e9c-42d6-b1da-3417e3cc2764
Type: kubernetes.io/service-account-token
Data
====
token: eyJhbGciOiJSUzI1NiIsImtpZCI6ImNfTmhqVFdsbXpiRUpTTnA1bEhNanhnMUNTY2lQUWJDd0FBcWljQXExejAifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZC10b2tlbi1iczlxcCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6ImUwM2RhMGMyLTNlOWMtNDJkNi1iMWRhLTM0MTdlM2NjMjc2NCIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlcm5ldGVzLWRhc2hib2FyZDprdWJlcm5ldGVzLWRhc2hib2FyZCJ9.0CVjK8WjyDiyYShSwyCyTKN-f3FoYDlgIX--_ISshxLmmzJJRJolqiUXkbCs_OBZUhOz_3tJarpjgnFUcoETpFgDjdB9naztbajTPrGDIgLzjVWKsvnsfAKaMGxnpyNLBnCQAQzmGBKfNBg6jnxhEAxcTkA42N0yxxX8-30PTNsZjW8hx8haoSYoUK_ttlVbi1ajT8JHg2YCo3Scxdg01niZpsTntmqtSeraxE7bPgDCGBX6281iMAhlT9vDXTkYUlFoEXqdIC717cvDsh-ky0xEkOR4pEnmUiOTEIJWor_lr8LMA4FCaA1v2Xw-4f9rHDEzjWq2DTjn4DI2WWia2A
ca.crt: 1025 bytes
namespace: 20 bytes
[root@master1 ~]#
- 输入token,就可以进入dashboard了
